The manpage for login_getpath, login_getcapstr, etc., explicitly says that returned strings are not to be freed, that the memory will be reused or freed on login_close. This is an outright lie; the memory is just leaked. Most callers probably don't care about this, since they're setting up for an exec, but some do, This isn't new; it was raised nearly 10 YEARS AGO in #195128, which remains open and unfixed. However, I suggest that the right fix might be to leave the code alone and change the manpage; at least OpenBSD explicitly documents that returned capability strings are to be freed if they are not the passed-in def/err values.